This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to thefollowing package versions:

Ubuntu 8.04 LTS: apport 0.108.4

Ubuntu 8.10: apport 0.119.2

Ubuntu 9.04: apport 1.0-0ubuntu5.2

In general, a standard system upgrade is sufficient to effect thenecessary changes.

Details follow:

Stephane Chazelas discovered that Apport did not safely remove files fromits crash report directory. If Apport had been enabled at some point, alocal attacker could remove arbitrary files from the system.